My idea for a decentralized identity

So this is how I think decentralized identity should work:

1. You download an application that uses your phone to collect biometric data. So it would do a eye scans, facial scans, ear scans, record your gate, record your finger prints, palm prints, voice, vein patterns, etc. Basically any biometric data that can be captured with a smart phone, this will take it all.

2. The application takes all of that data and squishes it down into key that's just a string of numbers, and that string of numbers becomes your new name. That key then becomes the basis for all identity. This process would have to be repeatable, so that a person could create the key ten times and every time it would spit out the same string of numbers. This would allow it to work backwards, so that someone can take that key and compare it against any biometric to establish it's you, such as when you're logging into your bank account.

3. So let's say you're going to set up an itunes account. Instead of filling out a bunch of information, you simply give them that key, and whenever you want to log in all you have to do is look into the camera on your device and it will use simple facial recognition. The level of authentication would be up to the third party provider, who would set a minimum standard, then perhaps allow the user to strengthen the authentication if they desire. So something like itunes would require a quick, low level authentication (e.g. simple facial recognition), whereas your bank might require say four or five levels of biometric. Then for something like a government security clearance they would require all levels possible.

4. We could then take this one step further and put everyone's identity keys into a decentralized blockchain, which would then assign all property and claims that that person owns to their key. So, for example, the blockchain would say that I'm an adult male US citizen, that I have a bachelors degree, that I have certain security clearances, that I've passed certain background checks, that the following cryptocurrency keys belong to me, that the following media belongs to me, that I own these stocks, that I own this retirement account, that I own this property, this car, etc.

This would make your identity, digital property, and physical property represented by digital records (like the deed to your house) 100% secure. No one could ever steal your identity or property.

So yea, that's pretty much it. The point is, you are your own password. You're born with your identity, and all this application does is quantify it so that you can provide a quick, simple key to third party applications. Basically when you register for a site or service, you would be providing all these levels of biometric authentication, but instead of having to go through that process for each thing you sign up for, you only have to do it once.

Could it work?

 

Interesting idea. I do see a few potential flaws right off the bat:

1. Working backwards against the ID would be quite difficult, I expect. For example, you may score a 4 on fingerprints and a 5 on eye pattern. You total that for a 9. I might score a 2 on fingerprints and a 7 on eye pattern. I get a 9, as well. I have simplified the math for illustrative purposes, but I think that the basic principle will hold true for more complicated algorithms, as well. The identifying application might have to check most, if not all, biometrics to be sure that it is indeed you.

2. What happens when someone dies and his heirs want to take over the bank account, etc.?

There is no question that we need to come up with better, more sophisticated ways to validate who is who, but it will be difficult.